Hash Intelligence Cards (aka Hash Cards) provide an on-demand summary of essential information related to a specific Hash and are updated in real time as Recorded Future collects new information. You can use Hash Cards as a starting point when assessing whether observation of a given Hash in a specific context is an Indicator of Compromise, and they can further be used in security control rules to block or detect incidents. Hash Cards are also pivot points during investigations that start with another indicator, a malware tool, a vulnerability, or a threat actor.
Descriptions of several common components of the Hash Card are available elsewhere, depending on your subscription type:
- Advanced and Core License users can review this Overview of Intelligence Cards
- SecOps Intelligence users can review this Overview of Intelligence Cards
Below are details specific to the Hash Card:
Hash Card: Risk Scoring
Hash Risk Scores distinguish malicious file hashes from web reporting on hashes used for other technical purposes: passwords, digital fingerprints, certificates, etc. The risk rules for Hashes currently do not have age-out criteria. Once a Hash is scored as malicious, its Risk Score will not decrease due to age, and the Hash will generally remain permanently malicious (although the score could change based on discovery of new information).
Hash Cards provide full transparency, sourcing all of the evidence behind a Risk Score.
Intelligence Partner Extensions
Extensions are integrations that enhance Hash Cards with content from our Intelligence Partners. Click here to learn more. We also have a training page specific to the extensions available on a Hash Card.